Tuts+ Premium Security Breach & The Marketplaces

Yes, I agree that they should have, but I can also tell you that moving away from amember is a serious pain. I’ve had to do it before and it is excruciatingly difficult.

The main reason it is hard is because you have thousands of live PayPal subscriptions, which, due to limitations of PayPal and Amember, cannot be simply moved to a new system. In order to move to a new system, you have to work out ways to “steal” the subscriptions away from amember.

I know this because I’m trying to move a really old site away from amember right now, and I know several other people doing the same thing.

mordauk said
I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net.
It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

mordauk said
I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net.
It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

mordauk said
I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net.
It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

Envato patched the issue within 48 hours, don’t give me bullshit about it being difficult. Yeah, it is when you’ve got an entire team of useless “developers”.

Envato have had over 6 months to patch the issue, instead they wait for the breach to happen and then update it – do you see the logic because I certainly don’t?

@dtbaker, I would say it is a safety measure rather than transparency. Don’t praise people on wrong times. If the hackers do bad things with the member data, someday this thing may come out by itself with different kind of pressure. So as of now, they did what should be done to reduce/avoid the potential damage. Do we know how many members missed to understand this thing happened and they supposed to change something on somewhere?

mordauk said
I’d like to point out that it was as much a fault of aMember (the software used to run Tuts+) as it was Envato, yet NO ONE is yelling at them. Seriously? Amember is one of the largest and most widely used membership softwares on the net.
It was definitely very, very negligent of Envato to not fix the issue sooner, but if you’re going to yell at someone, yell at both of them.

Envato must make over $500,000 every month. I’m pretty damn sure a company like Envato can afford to have every single line in their code examined for security, performance etc. Envato knew about this bug since last year.

I never said they shouldn’t have or could not have. I was simply pointing out that making the move is very difficult.

Envato patched the issue within 48 hours, don’t give me bullshit about it being difficult. Yeah, it is when you’ve got an entire team of useless “developers”.

Envato have had over 6 months to patch the issue, instead they wait for the breach to happen and then update it – do you see the logic because I certainly don’t?

Dude, not trying to start a war. Just because it can be done in 48 hours does not mean it isn’t extremely difficult. They have a large development team with a ton of skill. It’s obvious they can (they did) do it.

Anyhow, I NEVER said it shouldn’t have happened a long time ago.

And please, come on, don’t call Envato developers useless. Not fixing the security breach was a mistake higher up. If it wasn’t for the fantastic Envato devs, we wouldn’t have these great marketplaces.

Post Reply

<strong></strong> to make things bold
<em></em> to emphasize
<ul><li> or <ol><li> to make lists
<h3> or <h4> to make headings
<pre></pre> for code blocks
<code></code> for a few words of code
<a></a> for links
<img> to paste in an image (it'll need to be hosted somewhere else though)
<blockquote></blockquote> to quote somebody